WIPO UDRP D2024-0770 Debian vendetta response

Some of my fellow Debian Developers (co-authors) started harassing my family and I back in 2018 at a time when I lost two family members.

This blog has been written under duress. Normally the best thing to do with bullies is to ignore them but they are blackmailing me with the threat that WIPO will publish some insults denouncing me, destroying my life and trying to push me into the Debian suicide cluster.

Trigger warning

The Debian online community makes malicious references to harassment and abuse, deliberately conflating different meanings of these words to sully the reputations of independent volunteers. Victims and witnesses to real harassment and abuse may be triggered by exposure to these word games in the Debian online community.


The misfits have now used Software in the Public Interest, Inc, an organization that I have no relationship with, to transmit insults through WIPO.

WIPO has assigned the case number D2024-0770.

Some people may think that after more than three decades that I have been doing voluntary work in ham radio and free, open source software, this must be some kind of April Fool's Day joke. Sadly it is not.

The case says a lot about the toxic culture of these small-minded people who are using the trademark to cling onto the coat-tails of Debian's founders. It is glaring at us in the list of domains in dispute. While these misfits spend all their time slinking around in chat channels jealously sneering at the real developers, I was the only one engaged in creative thought registering some of the most exciting Debian-inspired domain names. To prove the point, here is the list of domain names now in dispute. Given all the effort they put into the debian.community vendettas, why did none of the misfits spare a minute to think of any of these names and register them first?

The list of domains is startling but at the same time, it captures all the most contentious political issues in Debian today. I feel that I have done the real community a huge service by thinking ahead and registering these domains before they could fall into the hands of cybersquatters.

Criminal proceedings in progress

There are now a range of criminal proceedings in progress regarding the harassment of my family and I.

The outgoing Debian Project Leader has used his final email newsletter to distribute defamation about police involvement. This demonstrates the real motive of the WIPO insults is to use all forms of proceedings concurrently, with as much noise about it as possible, to cause the maximum stress and psychological harm to victims such as my family and I and other independent volunteers.

The current harassment through the WIPO process is a violation of UDRP Rules 15(e) regarding the harassment of the domain name holder.

The outcome of criminal proceedings may help to test the evidence submitted by the parties, to fill the deliberate gaps in the evidence and to give some indication of the real source of bad faith and previous patterns of harassment against my family and I.

I believe the panel should suspend the current procedure and wait for the parties to provide details of the criminal proceedings to the panel.

WIPO fascist deadline

WIPO has set a deadline for me to respond to the insults by 2 April 2024. Coincidentally, 2 April is the anniversary of the European Parliament resolution of 2 April 2009 on European conscience and totalitarianism.

The text of the motion begins like this:

1. Expresses respect for all victims of totalitarian and undemocratic regimes in Europe and pays tribute to those who fought against tyranny and oppression;

In point 4, the European Parliament asserts that constant vigilance is needed to fight undemocratic, xenophobic, authoritarian and totalitarian ideas and tendencies. Inspired by this bi-partisan resolution from the European Parliament, I created the web site Nazi.Compare and started publishing examples of poor behavior by the vigilantes in free, open source software communities.

Moreover, 2 April is Carla's birthday. The manner in which rogue Debianists and toxic people at WIPO demand that I shift my focus to their petty concerns is another prime example of the way that Debian fascism (Debianism) is imposing on our families and personal lives.

Carla was born in Chile on the very day that Argentina launched their doomed invasion of Las Islas Malvinas / Falkland Islands. Carla's country, Chile, who share a 4000km land border with Argentina, sided with the British and allowed British forces to operate from Chilean territory. Margarita Manterola (marga), who is Argentinian, banned Carla from food at DebConf, despite the fact that Marga has attended numerous DebConfs with her husband. Just another example of how these two-faced people behave.

WIPO, Modern Slavery and Blackmail in Switzerland

The deadline also coincides with the Easter long weekend. While other people are able to rest on the long weekend, these people are blackmailing me to focus on my work with Debian, which is a voluntary activity.

Blackmail is accompanied with a threat of adverse consequences.

In many countries, blackmail is a crime.

Forcing people to work without payment is a crime.

WIPO operates this blackmail with the threat that if I do not spend Easter reading their insults and sit here working on this response, they will automatically re-publish insults and defamation, dragging the name of my family through the mud. In other words, WIPO are revealing themselves to be a fascist regime, a lot like those regimes that the European Parliament resolution is warning us about.

I have already done decades of voluntary work for Debian and free, open source software and now they force me to work on a public holiday.

Multi-Institutional abuse & WIPO blackmail hand-in-hand

The insults misfits submitted through WIPO regurgitate references to harassment, abuse and 2018, the time when the trial of Cardinal George Pell was underway, among other things.

Normally, when cases of abuse appear in the news, the identities of victims, possible victims, witnesses, any other children who were there and anybody in proximity to the children is obfuscated.

Yet Google, WIPO and Debian seem to be able to do as they please and spread rumors about harassment and abuse of anonymous victims in proximity to the volunteer developers.

The WIPO UDRP process makes no reference to how they protect the privacy of people in proximity to potential cases of abuse.

I contacted various lawyers about the matter, this is an example of one response from a firm registered with the bar association in Ireland:

We are a small firm and our resources are quite stretched at this time.

Nonetheless, one of the architects of the cover-up in Melbourne has been linked to Ireland.

Response being prepared without legal representation

In 2021, my business purchased a legal protection insurance from the firm Parreaux, Thiebaud & Partners in Switzerland. It turns out this firm had been operating in Switzerland since 2018 without a license to sell insurance and without all but one or two staff having a law license. In other words, from the perspective of the clients, the Swiss insurance was no better than a ponzi scheme. Even more disturbing, the Swiss authorities, including the financial regulator FINMA and the Ordre des Avocats de Genève (Geneva Bar Association) apparently knew about this since 2021 but didn't close the firm down until 2023. It is the Swiss JuristGate affair.

On the other hand, the misfits have apparently spent over $120,000 on legal fees making attacks against my family and I over the last few years.

In some countries, like South Africa, home of the outgoing Debian Project Leader Jonathan Carter, you can pay less than that to have somebody killed.

No faith in WIPO, the legal panel, conflicts of interest

In the previous WeMakeFedora.org dispute, the ADR Forum proposed a legal panelist who had a leading role in a trade association promoting the interests of the complainant.

That particular conflict of interest was very easy to recognize and the panelist withdrew from the process.

Many of the panelists appear to be associated with companies who have funded one of the parties and some of them appear to be involved in groups like the FSFE Legal Network. At the same time, many of the current vendettas appear to intersect with both FSFE and Debian at the same time.

Therefore, without being able to determine the extent to which any particular panelist or WIPO employee is engaged in these other groups, I do not trust any of them.

Jurisdiction and cultural issues

The WIPO documents specify a jurisdiction for the domain registrar but the content on the web sites needs to be viewed through the perspective of different jurisdictions and cultural conventions.

Creation of the Debian software commenced in the United States.

The Debian co-authors today come from a range of different countries each having their own legal and cultural expectations about matters such as copyright, privacy and abuse.

There is a widespread understanding that the free, open source software community values freedom of expression in the sense of the first amendment to the US constitution / US Bill of Rights.

Adam Borowski via debian-project, 2018-12-20:
I agree with you wholeheartly. Censorship is at the root, or very close to the roots, of pretty much any violation of freedom I can think of.

When people look at the Debian Social Contract, which includes the clause (3) We will not hide problems, there is an expectation that we have all agreed to collaborate under an American regime of transparency and free speech about organizational issues.

The role of Debian Project Leader has been performed by people from a range of different countries where norms differ from one country to the next. For example, Chris Lamb, who started the current vendetta in 2018, is from the UK. It has been quite normal for the British press to publish information about the former Mayor of London trying to help girlfriends get jobs in the public service. Asking similar questions about women who won internships in proximity to Chris Lamb feels entirely compatible with the convention followed in British society.

In other European countries, such as Germany and Switzerland, there seems to be far more emphasis on protecting the reputations of those who are party to such affairs such that the whole affair is often hidden from view. There is a perception that people from these countries want to have their cake and eat it too. They demand privacy for themselves but they still lurk on the debian-private mailing list and chat channels spreading rumors about the rest of us. They want to download and use the software without paying for it and they don't even respect the principles of the developers. The FSFE is even using a name derived from the American FSF, it is feels like a case of identity theft, but at the same time they are snubbing freedom of expression.

Content that appears to be inconvenient for an entirely German online community is quite valid in an online community claiming to adhere to an American style of discourse.

Similarity of the domain names

It is clear that most of the domain names are either identical to the trademark or they contain the trademark.

Total similarity is completely normal and inevitable because the misfits behind the WIPO insults and I are all collectively co-authors of the same Debian software that is identified by the trademark.

Some of the names, such as debianproject.org may appear to be particularly audacious. Nonetheless, I do not expect the legal panel to be the first to approve such a name. The previous case D2000-0410 Religious Technology Center v. Freie Zone E. V. concerned the domain scientologie.org which is totally identical to the German spelling of the trademark. The case was decided on the merits of legitimate interests. The incredible similarity was not a black mark against the choice of domain name.

It is odd that the misfits have spent $120,000 on legal cases to censor domain names but they couldn't think of any of these names and register them in advance.

Money can buy legal harassment but it seems money can't replace the creative minds that have abandoned Debian long ago.

Legitimate interests to use the trademark

There are various grounds providing Debian co-authors with a legitimate interest to use the trademark in a domain name and in other contexts.

Legal counsel representing the misfits have submitted to WIPO a copy of a previous WIPO censorship decree discussing the scientologie.org dispute. Therefore, I presume that the misfits and their legal counsel are aware of the arguments relating to the scientologie.org verdict ( WIPO UDRP case D2000-0410).

The outcome in the scientologie.org verdict is that somebody having a copyright interest in a creative work that shares the name of a trademark, that person has a legitimate interest in using the name of the creative work in a domain name and possibly other contexts too.

By submitting the document, they implicitly acknowledge the open questions from the previous legal panel.

The respondent to the previous dispute was an anonymous non-profit organization, the Free Software Contributors Association. The association asserted that some of their members were Debian Developers wishing to protect their anonymity and privacy. In relation to whether or not those people are real Debian Developers, the panel wrote:

The Panel confirms that this finding does not imply that it has taken any view of the ownership of copyright in DEBIAN software. Indeed, it is unable to do so on the evidence before it.

The panel did not seek to speculate on the names of the authors contributing to the site but the misfits have been hysterical in their finger pointing. After stealing that domain, the only thing they used it for was publishing attack pages. In other words, they violated UDRP rule 15(e) after the procedure had completed.

These two lines from that panel are significant and as the misfits have submitted this document in support of their demands, with the help of legal counsel, we are surprised they have not tried to answer that question proactively. It appears that they don't care too much about documenting and protecting the exclusive economic rights of a copyright owner or the moral rights of an author.

On the distinction between the exclusive economic rights of a copyright owner, I note that none of us Debian Developers, being the co-authors of Debian, have ever been asked to assign our rights to any third-party copyright owner. The misfits have not submitted any evidence purporting to prove that such an assignment did take place. Therefore, there is no copyright owner having exclusive economic rights over the Debian software. By default, the rights rest with the authors who did the work. Despite having clearly read the panel's comments, the misfits have not submitted any evidence claiming that any such party exists with exclusive economic rights as a copyright owner of the Debian software.

Legitimate interest: a very long history of voluntary contribution

Some of us started doing Debian as a hobby alongside other hobbies such as amateur radio. One of the early Debian Project Leaders, Bruce Perens, also notably came to Debian for amateur radio purposes.

I passed the amateur radio exam in 1993, when I was 14 years of age. My first years of voluntary activities in amateur radio and free software were during a time when I was legally a child. I didn't receive any payment for some of those activities. I offered my time on the basis that I was gaining skills and helping real communities.

Around the same time, while I was still legally a child, I came to appreciate the fact that there are some adults who exploit talented and precocious youngsters by trying to direct the work that is being undertaken and failing to disclose or share financial benefits.

I believe my first engagement with Debian was in 1997 and the first proof I can find of my engagement with Debian is an email from 23 February 1998 about package creation.

The Debian Project constitution was originally published on 10 September 1998, some time later.

The trademark was only registered later on 21 December 1999

Looking at the Scientologie.org UDRP verdict, the panelists gave some weight to those possessing a copyright interest that predates the registration of a trademark or a copyright interest arising from a situation that intersects with the history of the trademark.

Legitimate interest: the Debian license statement

Oddly enough, Debian documents and files in a Debian system refer to the licenses of the individual packages being distributed. It was hard to find an actual example of a copyright statement or license for Debian itself as a collective work.

The Debian Project constitution of 1998, referred to above, encourages Software in the Public Interest, Inc to register a trademark. It says nothing about copyright in the existing body of work.

Here are the words from the original constitution:

Since Debian has no authority to hold money or property, any donations for the Debian Project must be made to SPI, which manages such affairs.

SPI have made the following undertakings:

1. SPI will hold money, trademarks and other tangible and intangible property and manage other affairs for purposes related to Debian.

So people can donate intangible property like copyright to SPI if they make a personal decision to do so. The constitution did not oblige us to make such donations/assignments.

This situation is well known in open source software development. Some companies ask their contributors to sign a Contributor License Agreement or an assignment granting all their rights to a central entity with exclusive copyright.

Such an assignment can't take place through a majority vote, such an assignment or transfer of rights to a single entity would require the unanimous consent of every single author who ever contributed to Debian. In the case of those authors who are deceased, we would need to obtain consent from their estates.

Continuing the search for a Debian license, on the ISO installation media, I found the file isolinux/f10.txt which contains the very brief text:


Debian GNU/Linux is Copyright (C) 1993-2016 Software in the Public Interest,
and others.

The Debian GNU/Linux system is freely redistributable. After installation,
the exact distribution terms for each package are described in the
corresponding file /usr/share/doc/<packagename>/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

It asserts that copyright is owned by Software in the Public Interest, and others. Most of us are individual private volunteers and we have never personally chosen to grant or assign our copyright interest to Software in the Public Interest. I became curious about who put this statement into the ISO image.

The history of the file is available in the source code repository. The text has been there for more than 20 years without any scrutiny.

It remains odd that there is no similar statement in the release notes or the installation guide.

The key things being asserted in that very brief license statement:

Debian originated in the United States under the leadership of a US citizen, Ian Murdock, in 1993. Therefore, the US Copyright law is relevant.

The moral rights of authors ("and others") exist in the context of both a Collective work and a work of Joint authorship.

Wikipedia has an article on this particular type of copyrighted work, Collective Works (US law).

Debian is a collective work under the above US copyright law. The work was initiated in 1993 by Ian Murdock in the United States.

In a Collective work (US), the authors (or co-authors) are selecting works from third parties and arranging them into the final product, Debian, a collective work. The decision making process that involves selecting third party works and the decision making process that involves arranging the third party works gives rise to the moral rights of authorship in the Debian collective work.

The US law on collective works states:

The “authorship” in a collective work comes from the original selection, coordination, and arrangement of the independent works included in the collective work.

In the Debian world, the independent works are referred to as "upstream" source code. The authors of independent works are referred to as "upstream authors" or just "upstream".

The Debian maintainer guide describes the process of jointly selecting the independent works for inclusion in Debian. In particular, co-authors are required to create a public "Intent To Package" (ITP) report in the bug tracking system (BTS) so that other co-authors can discuss the merits of the selection decision. The requirement to engage in a shared discussion for every selection decision gives rise to joint authorship rights.

Moreover, the person who creates the package importing the independent work into Debian is required to create a manifest describing the inclusion of the independent upstream work. This manifest is the debian/control file. The Debian Policy Manual provides a list of fields in the debian/control files.

Some of these fields are dedicated to the coordination and the arrangement of the independent works within a Debian system.

Coordination of the independent contributions: the package dependency fields describe the relationships between packages that have to be installed together or which conflict with each other. In many cases, when a library package is a dependency for other packages, we have to ensure that the version of the library package in Debian is compatible with the dependent packages. We have a formal process of coordination in this case, the Transition process. Populating the dependency fields in the debian/control file and participating in a Transition process, either as the producer or the consumer of a dependency, are examples of coordination of the independent works from upstream authors.

Here are some examples where I personally engaged in these actions:

Created an ITP bug report and discussed the inclusion/selection of a package, also discussed the selection of the source through the mailing list

created a control file for the SimpleID package

SimpleID transition

The fields Section and Priority impact the arrangement of the contributions from the perspective of the user. The person completing the values in these fields is engaged in the process of arrangement of the contributions in a collective work.

Creating a Collective Work is a process of decision making. In the Debian world, we have a joint process of decision making. In particular, every author can make individual decisions over any package in the collection at any time. From the Developers Reference, a package can be signed by any key in the Debian Developers keyring. The documentation about the NMU process explicitly describes the process by which any Debian Developer is authorized to modify the package contributed by any other Debian Developer.

Here is an example where I used the NMU process to update the nfs-utils package

From time to time, the Debian co-authors undertake a vote to make a decision. Some of these votes concern social phenomena, such as the vote to accept the Diversity Statement, which says everybody is welcome in Debian. Some of the votes directly determine the arrangement of independent works in Debian. One of the most notable examples was the General Resolution on Init system coupling. Another example was the General Resolution on Handling source-less firmware in the Linux kernel. By participating in these votes, all co-authors exert some influence over which independent works are included in Debian and how those independent works are arranged.

Therefore, the development of Debian includes features of both a collective work and a work of joint authorship at the same time. Moreover, due to processes such as library transitions, NMU and our system of voting on certain decisions, any co-author may influence the way that other co-authors are integrating the independent upstream works into Debian. This cross-pollination of ideas and effort is a well known feature of Debian. In other Linux distributions, the developers are a little bit more siloed from each other.

Every two years, an official stable release of the Debian software is released to the public. This process of releasing involves declaring a version number that corresponds to a particular subset of the contributions that are in a working state at the time of the release. Even if a Debian Developer's contributions are obstructed from inclusion in future releases, or if a Debian Developer commits suicide, their work is still present in all the past releases that have been published.

My own contributions are included in a number of these Debian releases over the years.

This report finds my name in changelogs and copyright files. There are 21 pages of results.

Shooting themselves in the foot

To declare that the Debian Developers do not have authorship rights at all would be incredibly de-motivating.

Future volunteers may be deterred from contributing their intellectual property and their time.

Legitimate interests: the Debian family fallacy

Debian oligarchs repeatedly tell us that we are all a family.

Evidence: Andrew Cater says we are a family.

Evidence: Jonathan Wiltshire says we are a family.

This is an implicit authorization to use the trademark.

Consider the case of the British royal family.

Prince Harry and Princess Meghan went onto Oprah Winfrey's talk show to talk about problems in the family business. We could say this is analogous to some of my blog posts about the problems in Debian, or the FSFE crisis and other free, open source software groups.

Harry and Meghan were asked to stop using their His/Her Royal Highness (HRH) styles. Harry was banned from wearing military uniform at the funeral of the late Queen Elizabeth II. Yet they still have a legitimate interest in using the family name, Windsor.

If Debian really is a family, and it certainly isn't an employer, we can all use the family name even if we are not willing to live with each other in the same castle.

Legitimate interests: the promise of recognition

The misfits behind the WIPO insults do not pay the rest of us anything for our collaboration in creating the Debian software.

They told us that the only thing we get in return for our creations is the recognition.

They are now using the debian.org web site and the trademark to give people negative recognition. This is like bouncing a cheque.

In the circumstances, it seems entirely appropriate for me to follow through on the promise of recognizing people. The misfits have provided a list of the domains along with the dates that each domain name was registered. On the list, the name debian.plus is the first name registered. debian.plus was registered for the purpose of delivering on the promise of positive recognition to the authors and our work.

Evidence: my blog Modern Slavery & Debian Open Source lists many of the promises of recognition in lieu of payment for our work.

Debian promises recognition, I take the following quote from the latest Debian law suit where they admit using the promise of recognition to lure people into working for free:

64. ... un des avantages importants de travailler pour la communauté Debian est la valeur de sa réputation dans le domaine, à la fois professionellement et dans la communauté. ...

The promise of recognition is repeated again here in the Debian wiki.

The motivations of the authors also are varied, but the coin that they get paid in is often recognition, acclaim in the peer group, or experience that can be traded in in the work place

The same thing appears in the page about Debian Membership:

Debian has several types of association and membership for those who do wish to be recognised, or have rights within the project.

For people promoting Debian, there is a template for giving a talk. It includes the comments:

you are recognized for your contributions ... Did you ever have a boss who takes credit for your work? Not in Debian.

In short, there is a big emphasis on working for recognition instead of a salary. They gave us the promise of recognition and that gives rise to a legitimate interest in using the trademark in domain names for web sites about our work.

Legitimate interests: promoting my creative efforts

The scientologie.org UDRP verdict makes reference to the promotion of an author's work.

This point was also emphasized by the legal panel considering previous Debian disputes. The panel wrote:

Unlike the circumstances in Religious Technology Center v. Freie Zone E. V, supra the Respondent in the present case is not using the disputed domain name to disseminate information about its copyright work.

All the web sites that have been started using these domains involve the promotion of my creative work in a Debian context.

Several of the domain names have been chosen in recognition to my own work in specific areas of Debian. For example, the domains debian.chat, debian.finance and debian.video have already been started with information about my work on software relating to financial software, chat software and video software, as well as videos about my work.

Legitimate interest: EU whistleblower directive, raising workplace health & safety concerns

In 2019, the European Union adopted the Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law .

The Debian Social Contract includes the clause:

3. We will not hide problems

This clause appears completely compatible with the EU Whisteblowing Directive. In fact, this clause appears to encourage and authorize whistleblowing.

The fact that a Debian Developer wrote a combined resignation/suicide note on the night before Debian Day makes it hard to ignore the possibility that his death is related to something in the Debian environment.

Public Health England quantifies three suicides in a community as the minimum threshold to declare a suicide cluster.

Legitimate interest: redistribution of the Debian software is explicitly authorized

The Debian Free Software Guidelines and the Open Source Definition evolved together. One of the key pillars of both definitions is the authorization of free redistribution of the software.

With this authorization, any person who obtains a copy of the software is entitled to redistribute it.

The DebianGNULinux.org domain name was registered to do exactly that, to redistribute copies of the Debian software. This activity has been authorized.

Remarkably, in one of their claims submitted to another tribunal, the misfits explicitly describe a web site redistributing Debian as an outrageous crime, despite the fact the DFSG and the license statement referred to earlier explicitly authorize redistribution of genuine copies of Debian GNU/Linux.

complaint about debiangnulinux.org

Such a flagrant violation of the principles in the DFSG appears to be bad faith on the part of the complainant.

Legitimate interest: use of the logo is authorized

The trademark holder has created a web page where they distribute copies of the logo in many different electronic formats.

The page describes two versions of the logo, the open logo and the restricted use logo.

The page gives a free-for-all license to use the open logo.

The logo I am using on pages about my Debian work is the open logo.

Here is the text of the authorization from the trademark holder:

The Debian Open Use Logo comes in two flavors, with and without “Debian” label.

The Debian Open Use Logo(s) are Copyright (c) 1999 Software in the Public Interest, Inc., and are released under the terms of the GNU Lesser General Public License, version 3 or any later version, or, at your option, of the Creative Commons Attribution-ShareAlike 3.0 Unported License.

Legitimate interest: use of Debian-themed web page style

The Debian web page style is used extensively on third party web sites run by individual co-authors and volunteers.

At the bottom of every page on the main www.debian.org web site there is a link to a dedicated page about the licenses (authorization) to re-use the theme and content of www.debian.org.

The license link goes to the page https://www.debian.org/license. The page includes the following authorization:

Debian WWW Pages License Copyright © 1997-2024 Software in the Public Interest, Inc. and others
SPI can be contacted at:
1732 1st Ave #20327
New York, NY 10128-5177
United States

Since 25 January 2012, the new material can be redistributed and/or modified under the terms of the MIT (Expat) License or, at your option, of the GNU General Public License; either version 2 of the License, or (at your option) any later version (the latest version is usually available at https://www.gnu.org/licenses/gpl.html).

Work is in progress to make the older material compliant with the above licenses. Until then, please refer to the following terms of the Open Publication License.

This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, Draft v1.0 or later (you can read our local copy, the latest version is usually available at http://www.opencontent.org/openpub/).

“Debian” and the Debian Logo are trademarks of Software in the Public Interest, Inc.

The complainant publishes the source code for the web site theme. This makes it easy for anybody empowered by the above license to download the theme and use it when creating their own site.

At the bottom of every page on Debian.org, they promote the source code for the web site with a link text "Web site source code is available".

Here is the link to download source code for the theme of the Debian.org web site.

Legitimate interest: right of reply

The misfits have been making gossip against my family and I long before I registered any Debian-related domain names.

Notably, they use the Debian trademark and the Debian.org web site to add weight to their vendetta to humiliate volunteers and our families.

They censor, threaten and blackmail anybody who dares to challenge their vendettas. "We are humiliating Bob this week, you can't talk to him or you are next". That is what it looks like when misfits blackmail other volunteers.

Therefore, to respond to the vendettas published on Debian.org by operating similar web sites containing the name Debian feels entirely reasonable and proportionate as a right-of-reply by any co-author.

Bad faith: by the complainant, not me

For a UDRP case to be successful, in addition to proving that there is similarity to the trademark and if the complainant somehow proves that there is no legitimate interest whatsoever, the complainant must also prove that there is bad faith in the use of the domain names.

In this case, I believe the test for legitimate interest has already been satisfied and therefore, when legitimate interest exists, the panel does not make any inquiry into whether there is bad faith on the part of the domain name holder.

Under the UDRP Rule 15(e), it is also vital for the legal panel to consider whether the complainant themselves is harassing the domain name owner or acting in bad faith. In other words, whether the complainant has deceived the panel, whether a complaint has been brought for the purpose of harassment or whether the complaint is part of a broader pattern of harassment against the domain name holder.

Therefore, I simultaneously examine the attacks the complainant is making against my family and I, demonstrating not only that they are unjustified but also that by making these attacks, the Debian misfits themselves are clearly engaging in harassment and bad faith behavior.

Bad faith: no communication before opening the WIPO UDRP procedure

The misfits did not make any attempt to contact me and propose a solution to the conflict. They unilaterally opened a dispute through the UDRP.

Moreover, I had published a blog telling people that I would consider giving some of the domains away to people who have similar rights derived from joint authorship.

There have been many opportunities for them to communicate with me like a human being. They talk about Debian being a "family" but they pack together like gang rapists to pick off developers one at a time and attack us.

They are bypassing any normal human communication because they want to cause the maximum amount of stress. They want WIPO to publish the name of my family in a negative context more than they want any of those domains.

In such circumstances, they prove they are committing the act of harassment under UDRP rule 15(e)

Bad faith: lawyers get the lifejackets, Abraham Raji gets none

In January 2023, I published a picture of our crew rowing Head of the Yarra. The guy sitting behind me won the award for Emergency Practitioner of the Year. He is just the type of person you would want to have around if somebody went missing in the water. But in all the years we did rowing, I don't remember anybody going missing.

Daniel Pocock, Yarra Yarra Rowing Club, Head of the Yarra

A few months after I published that photo and Abraham Raji disappeared and drowned on the DebConf day trip.

According to the Wiki page for the day trip, volunteers participated in a series of activities throughout the day. To participate in the final activity, the kayak, the volunteers were expected to pay an extra fee. People not paying the fee would be left alone to swim like Abraham Raji.

In Australia, we all learn the basic rules of swimming. Never swim alone is one of those rules. Swim in the marked swimming areas.

Debian people like to reinvent the wheel and find their own way of doing things. The DebConf organizers are particularly bad at this. People are constantly bike shedding about the costs of minor things. They tell the foreigners from poor countries that they have to pay their own visa fees. They expected the Indians to pay the supplement for going in a kayak, which comes with a life jacket, or be left alone.

Abraham Raji, Debian, DebConf, kayak, death

But according to their own records, they paid over $120,000 to lawyers to attack my family and I. Paying the lawyers was more important than providing supervision or life jackets for victims like Abraham Raji.

Abraham Raji, Nihara, DebConf23, Debian, Kayak

Given this vendetta has drained so much of the budget that somebody was left without a lifejacket and he died, it is clear to me that this vendetta is brought in bad faith and it violates UDRP rule 15(e).

Bad faith: attacking a volunteer at a time of grief, disrespect for the sanctity of human life

The complainant admits they began attacking my family and I in 2018 (evidence: screenshot of doxing messages from Chris Lamb further below). This was a time when I lost two family members and it was a disturbing time for my family and I for a range of reasons.

I told fellow collaborators that I couldn't fully commit to some of my voluntary responsibilities at that time. (email to Molly de Blanc)

At the same time, one of the issues causing controversy is the appearance of a Debian suicide cluster or an open source software suicide cluster. The attempt to minimize attention on individual suicides also has the effect of minimizing discussion about whether the combined body of deaths form a cluster. Public health authorities define three or more suicides as a cluster. The public health authorities advise that clusters need special attention to avoid the risk of further deaths.

Moreover, given the way that the Debian deaths intersect with my own family life, including the unexplained death of Adrian von Bidder on the day of our wedding, a possible suicide, the grief and toxicity associated with these phenomena have inevitably become intertwined.

This phenomena should be examined from an independent perspective, with a focus on the issues and not trying to misdirect attention towards a volunteer who expressed concerns about it. Forcing an individual volunteer to write about such phenomena under the threat that WIPO will denounce me is abhorrent.

Given that we already have this unexplained Debian death on the very day of our wedding, which is a huge scar, how can they possibly be imposing more scars upon my life with the continued burden of public harassment on the Debian web site and through WIPO? It is too much and it has been going on for too long.

Therefore, the bad faith is entirely on the part of those bullies forcing the matter before WIPO.

Bad faith: psychological torture / cybertorture

In the role the community elected me to perform, I gave people accurate assessments of the FSFE as an organization. The people caught doing the wrong thing responded with personal attacks on my family and on me as an individual.

It is entirely correct for us to scrutinize the functioning of a group or organization like that. It is wrong for such groups to turn on an individual volunteer.

Prof Nils Melzer, United Nations Special Rapporteur on Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment has published a report on the practices of cybertorture and psychological torture. An earlier blog post examines the phenomena in Debian.

The insults submitted by the misfits write about excluding people. We saw similar tactics in the case of the "hooded men" in Northern Ireland. The obsession with excluding and isolating people, which comes up frequently in online discussions between the enforcers, is truly evil.

The defamation and insults created by the Debian misfits focus on a period when I lost two family members. By making repeated references to that period in 2018 they are seeking to trigger and exploit feelings of grief. This is the sort of deliberately cruel behavior envisaged by the UN special rapporteur.

Given that the misfits used WIPO and the UDRP to transmit documents targetting a period of grief, this is an example of a complaint brought for the purposes of harassment in violation of UDRP rule 15(e).

Bad faith: intent to use the domains for vendettas

The misfits provided a copy of a previous UDRP censorship decree for a domain they seized. After seizing the domain, the misfits have not used the domain for any original purpose. They are only using the domain to publish insults and attacks against my family and I.

Therefore, it would be reasonable to assume that any domains censored by this new UDRP case will also be weaponized against me.

Given that they have already behaved like this before, with their use of debian.community, it would be no surprise if they continue that behavior with any other domains they steal. Therefore, their intention is to harass me, as prohibited by UDRP rule 15(e).

Bad faith: voluntary work intertwined with our lives

The work we do as open source software developers intersects with many other aspects of our lives.

For example, when we participate in other voluntary groups in the real world, we often help them with their technology requirements. The solutions we provide often involve Debian and other free software products. When misfits start spreading rumors from Debian into social media networks, this is harmful to other groups where we participate and at the same time, it is harmful to our own personal lives, the places where we go to socialize away from our computers, the places where we go to exercize and so on.

Evidence: Centenary of Federation award.

This intrusion on multiple aspects of our lives, both professional and personal, is not by accident, it has become a deliberate intention of the rogue leadership figures who engage in publicly humiliating volunteers.

Therefore, given the impact that public denouncing us has on our lives, it is harassment and it violates UDRP rule 15(e)

Bad faith: suicide, stigma and tarnishing

WIPO panelists are asked to consider whether the content of the web sites tarnishes a trademark. There is clearly a lot of stigma around suicides. It is inevitable that some tarnishing may occur when suicide is mentioned.

Nonetheless, the panel needs to consider whether tarnishing is the lesser evil.

The factual revelations of a Debian / open source suicide cluster do run the risk of tarnishing the Debian trademark, I am not going to dispute that.

Yet the panel can not automatically conclude that tarnishing is done in bad faith. If the reason for publishing evidence related to a suicide cluster is in the interest of public health and preventing more suicides then it looks like tarnishing but it is NOT bad faith.

Given the nature of suicide, there is simply no way to publish these public health concerns without the counter-accusations of tarnishing.

In responding to the previous case of UDRP harassment by IBM Red Hat, in relation to the domain name WeMakeFedora.org, I made reference to the Holmes and Rahe Stress Scale. The loss of a family member is one of the highest events on the scale, between 63 and 100 points. Significant attacks on the business, career or professional reputation are rated between 39 and 47. It is suggested that when these events and scores combine, for example, through bad luck or persistent harassment, overall scores over 300 are highly likely to have an impact on health. In other words, there is a higher risk of illness, accident and suicide for people subjected to stress of this level.

The complainant is clearly aware of these arguments from the prior WeMakeFedora.org case so their decision to embark upon a copy-cat case and deliberately submit documents referring to 2018, the specific time when I lost two family members, appears to be a reckless and deliberate attempt to knowingly impose more pain on my family and I. Therefore, it is clearly a violation of UDRP rule 15(e), harassment and bad faith by those who initiated the procedure.

Bad faith: concealing risks to children

When IBM Red Hat submitted their case in the UDRP, they included as evidence an example of content from the WeMakeFedora.org web site. The example included five blog posts and one of those was a blog that had originally been published by me and then automatically syndicated by WeMakeFedora.org.

The blog that IBM Red Hat complained about and therefore wanted to censor was the blog post Google, FSFE & Child labor.

FSFE is a non-profit puppet organization jointly funded by Google, IBM Red Hat and other large corporations.

There are a subset of Debian co-authors who are also associated with FSFE.

As the community had elected me as the FSFE Fellowship representative and as I had concurrently been a mentor and administrator in programs like Google Summer of Code (GSoC) and Outreachy, I had an important role to play documenting the risks to children.

At the same time these risks to children began appearing in the world of open source software, the criminal procedure against Cardinal George Pell had been unfolding in Australia. As it turns out, a family member, some years younger than me, had been in the choir at the time that the late Cardinal Pell was Archbishop of Melbourne.

I had personally been an officer of the National Union of Students (Victorian state branch) in 1999. As far as I can tell, I was the most senior student representative having contact with somebody in the choir at the very time that the late Cardinal was in charge. When I saw risks to children around the open source software world, how could I not express concerns?

I had started doing voluntary work as a GSoC mentor in 2013. Therefore, I had five years experience of these programs when I came across the problems in Albania in the latter part of 2017. I used internal channels to raise concerns about the risk to minors.

Complainants knew my concerns were based on long standing experience and on personal exposure to these situations. While credible organizations would have found a way to deal with these matters diplomatically, the complainants are simultaneously trying to both censor me and discredit anything I have to say about these risks.

The fact that IBM Red Hat cited the child labor blog in their UDRP submission shows that is what they were trying to cover up. Their UDRP complaint was ruled an act of bad faith.

This is the evidence that IBM Red Hat submitted. It is clear that people around FSFE want to prevent discussion about child safety.

The fact that I had both privately and publicly expressed concerns about the risk to children and the timing of Debian's UDRP action coincides so closely with IBM Red Hat makes me feel they are seeking to censor and undermine exactly the same concerns about risks to children.

Looking at the way the FSFE's child labor program progressed, we can see that when the program finished, FSFE obfuscated the full names of the children who did the work. These children clearly have a copyright interest in the work they created. In other fields of endeavour we can see children receiving credit for their work under their full name. For example, look at the Jackson Five, where Michael Jackson began performing under his real name from age five.

The French pop singer Marina Kaye (a stage name) appeared under her real name Marina Dalmas on France's Got Talent when she was thirteen years old. Yet the children who wrote code for FSFE are not given credit under their full names. Only their first names were published.

FSFE, YH4F, Ekaterina Radaeva, Katya Radaeva, Miquel Puig, Hector, Stavros Piperakis

The trial of Cardinal Pell never proved whether abuse took place. What has been confirmed by medical evidence is that one member of the choir began substance abuse at approximately fourteen years of age. There are multiple possible explanations for the substance abuse. For some of the boys, participation is a burden and they never sing again after graduating from the school.

The choir was associated with the pressure of maintaining a scholarship at one of Australia's most expensive schools. The FSFE YH4F program involved the pressure of competing for a financial prize. When somebody like me with exposure to both of these situations expresses concerns, why are these organizations so desperate to cover it up?

The internal reports I submitted about harassment of women and risks to minors in 2017 are contemporaneous evidence of what really went on in proximity to the Outreachy funding in high risk countries like Albania. I was often the only mentor to personally witness the behavior of local men and women in these groups.

In 2013, when the Australian government sought to humiliate Iranian women and migrants with a video, I loudly resigned my membership of the party. This was nine years before the rest of the world took a serious interest in the plight of Iranian women protesting against a headscarf Code of Conduct. Even more telling, my written concerns put the mistreatment of these women in the same category as the alleged abuse in the Catholic church. The concerns were captured by Crikey.

Given my personal involvement as a witness over many years, my track record of being right about these things, sometimes well ahead of time and the track record of organizations trying to silence people who raise concerns about abuse, the attempts to discredit my testimony about these matters in proximity to GSoC and Outreachy is itself the act of bad faith, a violation of UDRP rule 15(e).

Bad faith: companies trying to keep the real abuse reports in-house

In the world of free and open source software, we have the unique phenomena of corporate employees working side by side with developers who work for competitors and also the unpaid volunteers.

After the commmunity elected me as the FSFE Fellowship representative in 2017, I began to receive significantly more detail about wrongdoing that goes on in the world of free and open source software. It is understandably surprising and disturbing for some of the larger companies to discover that these reports about their employees were going to an external volunteer and not to their in-house human resources department.

It is a useful moment to compare this situation to how it worked in the institutional abuse crisis. Australia's Royal Commission published many of the internal documents from the institutions concerned. One set of meeting minutes from the Archdiocese of Melbourne stands out. The Personnel Advisory Board (PAB), a group of highly trusted clergy who assist the Archbishop with the appointment of clergy to different roles, has realized that their board is too big and they need to create smaller sub-groups to handle the more sensitive cases.

Father X____ raised the question of how much is told to whom.

Father X____'s name appears frequently as somebody involved as an architect of the cover-up. His parish web site notes that he went into retirement in 2016. Coincidentally, that was the very moment the Royal Commission was seeking answers from Cardinal Pell.

Miraculously, Father X____ reappeared very briefly in 2023 to give a sermon at the funeral of a relative in a tiny village that few people would have heard of outside the state of Victoria. The following month, three people from that obscure village died in a mysterious mushroom poisoning that made headlines around the world.

Here is a snippet from the sermon, the man who moved pedophiles not only from one parish to another but also from one institution to another. He mentions a family connection with a former superintendent of An Garda Siochána (the Irish police).

By moving known pedophiles around, Father X____ enabled more abuse to take place and this resulted in more lives destroyed by overdoses and suicides.

Those seeking to discredit a former community representative are acting a lot like the institutions in the abuse crisis. As the WIPO UDRP guidelines tell us, anything that tarnishes the brand of Debian or the church has to be censored and covered up.

They are seeking to remove, censor and discredit me simply because people told me things I wasn't supposed to know. They would have preferred that some of these issues with women and children were only known to a select group of people appointed by the companies, just as the Personnel Advisory Board sought to limit knowledge of certain matters to the smallest possible sub-committee of clergy.

While the move to keeping information in-house is understandable and many companies even have an obligation to do so due to the privacy rights of their employees, it is not acceptable that they retrospectively punish me for my knowledge of these things. If punishing me or discrediting me for that role is part of their objective, they are the ones behaving in bad faith, violating UDRP rule 15(e).

Bad faith should not be alleged against an individual volunteer

Working in IT, our personal reputations for integrity are essential for us to feed ourselves and support those who depend on us.

A bad faith finding is likely to cause significant harm to a volunteer's ability to seek employment, obtain credit and enter into insurance contracts.

There have been complaints that WIPO panels have been making bad faith findings in cases that are ultimately about political speech rather than integrity of the publisher. This is very dangerous for personal victims of such findings and those who depend on such victims.

Moreover, using the bad faith verdict arbitrarily cheapens the meaning of the term bad faith.

It seems incredulous that a vindictive trademark owner can pay $1,500 to WIPO to make such an attack on a volunteer that will destroy that person's future and cause significant harm to those around them.

It is even more abhorrent that they can do such a thing to somebody who has contributed decades of voluntary service and to somebody suffering the loss of two family members at a time of grief.

Scrutiny should be turned around on those organizations who are exploiting our work and then menacing volunteers with the total loss of our livelihoods.

Bad faith can't be alleged when following a precedent

If a domain name holder has been motivated to register and use a particular domain name based on the logic of previous UDRP decisions, it would be very unreasonable to find the domain name holder is acting in bad faith.

There was widespread discussion of the scientologie.org verdict last time there were disputes about Debian domain names in 2022.

Based on those discussions and my new awareness of the logic behind the scientologie.org verdict, I felt that I had very reasonable grounds to register some Debian domains for the purpose of promoting my work in Debian and for promoting Debian, our collective work, as a whole.

Given that I was motivated by the precedent from another WIPO panel and there are good reasons for me to feel that I have legitimate interests on the same grounds, as somebody with a copyright interest, it is entirely unreasonable to accuse me of bad faith.

Bad faith: an ad hominem attack

A search for domain names containing the trademark Debian finds over 2,500 domains and web sites.

Looking at the list of open disputes in the WIPO UDRP case search, I can see that the list of domain names in dispute only has one thing in common: they are all owned by one person, me.

It is clear they are not concerned about the content, they are concerned with attacking the person, me.

Moreover, this ad hominem attack behavior has started before the registration of the domains and before the complaint. For example, the defamation statement submitted by the complainant is another example of an ad hominem attack. The statement is dated 2021, before all but one of these domains were registered. It shows that the complainant has a history of making ad hominem attacks with an intention to harm my family and I.

An ad hominem use of the UDRP process is therefore harassment by the complainant and a violation of UDRP rule 15(e).

Bad faith: complainant seeking revenge for whistleblowing about bad faith

Insults submitted by the complainant as evidence show they started harassing my family and I in 2018.

If we drill down, we find they started this harassment in September of that year.

In April 2017, the FSFE members elected me as their Fellowship representative. There is a significant overlap between members of the FSFE (approximatley 1532 people at the time of the election) and co-authors of the Debian software.

In the beginning of September 2018, in my role as Fellowship representative, I wrote that the FSFE was acting in bad faith by using a name derived from the real FSF. Various emails have since been published to prove there is bad faith and that both the FSF management and the FSFE management are aware of the bad faith. Of particular concern to me, as I expressed in the blog post from September 2018, a volunteer who had contributed a bequest of EUR 150,000 may have been fooled by the bad faith of FSFE. In other words, if the FSFE was not using a name similar to FSF, the volunteer may have given his bequest to the real FSF.

Evidence: FSFE election result.

If you hire an engineer to inspect a used car, you would hope that they would be able to verify basic things like the authenticity of the serial number (VIN) on the vehicle chassis. As the elected Fellowship representative, I had an obligation to report the FSFE was not what it claims to be.

The money that volunteers and private individuals have contributed to FSFE over the years is far more than the value of most used cars. Therefore, in the case of FSFE, there is both evidence of bad faith and there is quantitative evidence, the financial reports, showing us the impact of that bad faith.

The attacks against my family commenced immediately after I published the evidence of bad faith by FSFE. The email was sent to the LibrePlanet list on 11 September 2018 and the attacks began about one week later, as shown by the date of the email from Chris Lamb below on 20 September 2018.

The attacks against my family and I are a predecessor of this harassment through the UDRP. It has been a continuous pattern of harassment over six years now. It appears that this harassment, of which the UDRP insults are just the latest instalment, is part of an overall reprisal for the reports I gave the community in my capacity as the Fellowship representative.

Using the UDRP to insult and harass a volunteer community representative as a reprisal for performing their duties is clearly an act of harassment and bad faith as anticipated by UDRP rule 15(e).

Evidence: email from Mirko Bohm: I would like to thank you for your contributions to FSFE and for your commitment not to shy away from asking the difficult questions and calling out the need for change where it exists.

Bad faith: complainant reneges on their own Diversity Statement

The pack adopted the Debian Diversity Statement by a General Resolution in which all the co-authors were invited to vote.

The Diversity Statement begins with the line:

The Debian Project welcomes and encourages participation by everyone.

The insults that they submitted with the complaint, the defamation statement created by Donald Norwood in the Debian Press Team, contradicts their own Diversity Statement which was adopted by a General Resolution. Such a contradiction demonstrates a significant lack of integrity and their defamation statement should not be taken seriously.

I informed people that I had resigned from some of my voluntary roles at a time when I lost two family members. Therefore, their behavior towards my family and I is not just a plain vanilla violation of the diversity statement, it is an aggravated violation. It is bad faith.

Bad faith: the complainant is gaslighting about authorship and membership

The complainant appears to pivot back and forth between concepts from copyright law and from the law of associations.

Consider the case when somebody begins contributing to Debian. There is no such thing as a "New member" process. Rather, it has historically been called the "New maintainer" process. We can see that clearly in the name of the debian-newmaint mailing list.

The word "maintainer" primarily implies somebody is doing creative work to select, coordinate and arrange more independent works into Debian.

Then we have the guide for the New Member process, which was previously known as the New Maintainer process. In step 3, explained in that page, the new contributors are asked to agree to the Debian Social Contract, the Debian Free Software Guidelines and the Debian Machine Usage Policy. The former is ultimately about our relation as authors, not as members and the terms under which we license our work to the rest of the world.

The new maintainer/member guide doesn't ask people to ratify their adherence to the constitution. The notion of joining an association, whether it is incorporated or not, is inseparable from consenting to be governed by and uphold the association's constitution. The only people who ever ratified the constitution were 86 co-authors in 1998 (23% of the developers at that time) who wanted to have a constitution.

Somebody who did not ask to be a member can't be expelled.

Somebody who is not an employee can't be demoted or sacked.

Yet we have seen some of the leadership figures insist on having these powers over a series of victims. The title Debian Project Leader implies just that: to lead, not to give orders.

The insinuation that concepts of expulsions and demotions can be applied to co-authors is an example of gaslighting.

Copyright law is very clear: co-authors of a work are equal. Notions of expulsions and demotions violate the principle of being equal.

University of California: Each joint author has the right to exercise any or all of the exclusive rights inherent in the joint work

The fact that they are knowingly and deliberately trying to obfuscate our moral rights as co-authors, giving us nothing in exchange for the status they are taking away, is an aggravating factor that justifies the finding of harassment and bad faith against the complainant.

Bad faith: use of an administrative process to extinguish the moral rights and recognition of co authors

A recent paper in the University of Western Australia law journal examines the subject of Copyright Nazi Plunder: How the Nazis Aryanized Jewish Works.

The paper notes that the Nazis used administrative law to frustrate the rights of authors, just as misfits are using a WIPO administrative process to harass and intimidate a Debian co-author. Quoting the journal article:

Despite the fact that written IP legislation in Nazi Germany did not include specific exclusions for Jewish applicants and authors, in practice, they were excluded by administrative measures alone rather than legal ordinances.

The misfits frequently use the same language, the word "exclude" comes up again and again. Harassment, UDRP rule 15(e)

Bad faith: Debian Trademark Policy never ratified

Debian co-authors have never been asked to individually ratify the Debian Trademark Policy or any similar regulations.

A trademark policy published unilaterally by the trademark owner can give people authorizations above and beyond fair use and legitimate interest. On the other hand, such a policy can not unilaterally erode the default rights to fair use and legitimate interest.

Hypothetically, the complainant could ask co-authors to sign some agreement waiving our fair use rights. This may happen in the context of employment, where those who receive a salary agree to forego other rights.

Debianists do not pay us a salary and they did not ask us to individually ratify any agreement waiving our fair use rights.

They have never tried to do this. The only agreement they ever asked each and every one of us to individually ratify is our adherence to the Debian Machine Usage Policy and to the Debian Social Contract.

Therefore, in my role as a co-author, I am not bound by any restrictions unilaterally imposed upon us by the Debian Trademark Policy and only the normal rules of fair use and legitimate interest can be considered in this dispute.

Moreover, it is bad faith by the complainant to simultaneously insist that they can expel somebody, which is really a nonsense concept in terms of joint authorship rights, as such rights can't be extinguished and then insist that the people supposedly expelled will still remain bound by rules from above that only apply in the context of being a member of their clique.

Bad faith: complainant reneges on existing authorizations

As noted in the statements on legitimate interest, the complainant has clearly authorized many of the things they complained about.

The Debian Social Contract, which states "We will not hide problems", authorizes discussion of controversial technical, social and ethical topics. In fact, it is more than an authorization, it encourages such discussions and publications. Therefore, their complaining about what is published on these web sites is itself an act of bad faith.

They authorized use of the logo, as discussed, so their complaining about use of the logo is itself bad faith.

They put the web site theme and content under the open source licenses, as discussed above, so their complaining about sites with a similar appearance is itself bad faith.

Overall, for their claim of bad faith to supercede these authorizations, they would have to demonstrate some extraordinary acts of wrongdoing, for example, to show that a web site was using the trademark, domain name and logo to distribute a virus. They provide no evidence of such wrongdoing.

Bad faith: the complainant's evidence

They submit many boilerplate documents containing copies of the domain and trademark registrations. On top of that, they only submit three other documents.

One of those is the copy of a judgment from a previous Debian dispute. The judgment expresses concern about some specific images on another web site. The complaint does not provide any examples of those images or any similar content on any of my own Debian web sites. Therefore, this judgment can't be extrapolated to content on my own web sites.

They provide a copy of biographical information about me from my company web site. This is not published on one of the domains in dispute so it is not relevant. By providing this, they are insulting me. Looking at the very first archived copy of an email from the debian-project mailing list in 1994, we find that Debian co-authors are using the term Debian Developer four years before there was a trademark. That is four years before the Debian Project constitution. The term Debian Developer is completely valid for somebody who has done significant creative work over many decades. In plain English, the term Debian Developer can mean three things: somebody who possesses the skill of creating Debian software, somebody who has an authorship interest in the Debian software and thirdly, but lastly, somebody who is a member of the clique. Copyright law does not require somebody to be a member of the clique. I never joined the Debian Project Unincorporated Association, I have always used the term Debian Developer first and foremost to describe myself as an author with moral rights in the creative work. Given that they have taken this text from a web site that is not even part of the dispute, I feel the legal panel would be best to avoid getting involved in this aspect of the dispute.

The third document they provide is a defamation they created themselves. They are clearly hoping to have WIPO republish insults and defamation to cause some sort of harm to my ability to work and feed myself. They allege that there was some issue of harassment but do not provide any details. They claim it was in the year 2018, a period when I lost two family members. Their insistence on twisting a knife in my back at such a time only proves bad faith on their part.

In various ways, we can see that the document they submitted is a fraud that has the possibility of deceiving the WIPO legal panel.

For starters, the harassment began in 2017. Even the year specified in their evidence is wrong. Therefore, the evidence they are submitting is a deliberate deception that tries to invert the story.

Here is the internal report about the harassment. The date is 12 October 2017 so the misfits are clearly lying to the WIPO legal panel. I have redacted the section that identifies underage victims.

The next internal email from Larissa Shapiro at Mozilla admits that kids are at risk.

Emma Irwin from Mozilla admits this is a serious matter and asks me to speak to Marta, Mozilla's HR investigator.

There you have it. The most senior student representative to have had contact with a member of the choir in the era of Cardinal Pell has subsequently arrived in Albania and correctly and discretely raised the alarm about pimps and pedophiles using funds from Mozilla, IBM Red Hat and other tech companies to bait their child victims and young women.

It is creepy how the complainants deception about the dates and details mirrors the case of the Swiss JuristGate scandal. The Swiss financial regulator, FINMA, has published a summary of their decision to shut the rogue firm. In the summary of the decision, not only does FINMA redact the names of those responsible for ripping off the customers, FINMA even redacts the dates. One of the reasons FINMA is redacting the dates is to hide how long the regulator and the bar association really knew about the scandal. The hidden dates are examined in more detail in my first blog post about Juristgate. Here is a screenshot from the FINMA document showing where the year is obfuscated / redacted:

FINMA, Parreaux Thiébaud & Partners, Justicia SA, Justiva SA, Mathiee Parreaux

The FSFE Fellowship elected me as a community representative in April 2017. Shortly after that, women in Albania confided in me about the incidents of harassment. I traveled there again to help organize a MiniDebConf and Fedora Women's day and in the process, I became a witness to acts of harassment and a serious possibility of underage abuse.

All of this clearly began in 2017 but the defamation created by Debian seeks to obfuscate the year and the source of the harassment. They completely fail to thank me for the effort I made supporting these women. This was an effort above and beyond what had been anticipated when I volunteered to speak at the conference in Albania.

At the time, I had confided in the women that I was watching these matters very carefully because one of my cousins, who is much younger than me, had been in the St Patrick's cathedral choir during the time Cardinal George Pell was Archbishop of Melbourne. The Pell case was one of the most high profile allegations of abuse in the Catholic Church. The Royal Commission notes in their report that of 15,000 victims who contacted them, the Catholic Church was implicated in far more cases than all the other religions combined.

In the meantime, Carla had also written about her eating disorder on her web site. Research estimates that at least thirty percent of women with these conditions have been victims of harassment or abuse in childhood.

Various people appeared to resent the fact that women had given evidence about an (IBM Red Hat) Fedora Ambassador and Mozilla Tech Speaker to an independent, elected community representative who was not under any obligation of confidentially to the companies funding the Albanian groups. In other words, these companies would have prefered to see the women reporting scandals through internal company channels.

Shortly after I received this information from women, the FSFE revised their constitution to remove their annual elections and ensure there would never be any other community representative again. The complete removal of the election and the representative position proves that this wasn't about any failing on my own part, this was about the companies behind FSFE wanting to ensure that complaints about their people wouldn't reach any independent outsider who might be elected next.

At the end of the process, Mozilla produced a report about the harassment. I have never been given a copy of the report and the complainant has not submitted the report either. I don't feel the complaint should be taken seriously at all unless all parties, including the legal panel, are granted access to all these original, contemporaneous documents about the origins of the harassment and my support for the victims.

Evidence: Mozilla confirms a report was produced about the harassment and abuse.

Meanwhile, at the very same time as the Cardinal Pell trial was progressing in Australia, family and friends were shocked to see mysterious references to abuse circulated on social media. I don't even have any social media accounts myself so I only started hearing about these character assassination plots from witnesses who saw the smears. Cardinal Pell was convicted in December 2018 and a few weeks later, in January 2019, Joerg Jaspert of the Debian Account Managers team put mysterious references to abuse in one of our Debian source code repositories.

One of the findings from the Royal Commission states that abuse survivors who came forward took an average of 23.9 years to talk about what happened to them. Having attended a Catholic school in the same neighborhood and having multiple connections with fellow alumni and the diocese, it would not be a surprise for me if any one of the people I know might reveal themselves to be connected with the scandal at some point in the future.

Moreover, two of my cousins passed away far too young.

It is so shocking for me to see how these dirty men are playing these games with the subject of abuse.

At the time that Joerg Jaspert started making these privacy violations, he was on the school council at Dalbergschule in Fulda, Germany. Local magazines published a photo of him in a Debian t-shirt with other parents Claudia Beck and Ina Riechert.

Claudia Beck, Jörg Jaspert, Ina Riechert

How can the other parents and staff trust this dirty man with any sensitive topics when he runs around spreading gossip about abuse in the debian-private world?

Given that background, I find it abhorrent that these silly people claim to be victims of abuse when what really happened is they got caught doing the wrong thing. By claiming to be victims of harassment and abuse, by hijacking and distorting the language of sexual misconduct they are asking us to exhibit the same sympathy for long-distance peeping toms at Google as we would for those 15,000 child victims.

Here is another example of Debianists pretending to be part of the sexual crimes detective unit and circulating gossip as if it was truth. The email is written by Russell Coker, a Debian Developer in Australia, half way around the world from where the rumors started in Berlin. How could he write such forceful words about Dr Appelbaum when it is something he had no way to see? This shows how Debianists use their titles and their trademark to make stuff up and then give weight to defamation. This type of rogue behavior makes it even harder for the community to know when real victims take the difficult step of coming forward with real reports of abuse.

Evidence: Russell Coker fabricating rape stories.

Bad faith: deliberately conflating different types of harassment and abuse

The complainant frequently raises concerns about "harassment" and "abuse" whenever somebody asks a question they don't want to reply to.

Yet it doesn't stop there.

Not only do they claim to be victims of "harassment" and "abuse", they deliberately seek to conflate different meanings of these words. It works a bit like the game of Chinese Whispers.

The classic example was the lynching of Dr Jacob Appelbaum. One person posted messages about "harassment". Somebody else who wasn't actually there extrapolated that into "sexual harassment". Then another person who was all the other way over the other side of the world in Australia forcefully writes that it was a "rape".

Evidence: Chinese Whispers and liars rehearsing stories about Dr Appelbaum.

The word "abuse" is used in much the same way. Somebody asks a question about the bank account. The question is disparaged as an unqualified example of "abuse". Later, somebody adds a prefix, people mention "sexual abuse". But there is nothing sexual about asking why somebody's girlfriend got paid to do work that other volunteers do for free. We saw them using this word game in relation to Prof Eben Moglen recently.

Evidence: Matthew Garrett (Debian) spreading abuse rumors against Prof Moglen

Not only are they trying to defame the person asking a serious question but we also have to remember that when people try to portray themselves as victims of "abuse", they are siphoning off a little bit of credibility from the real victims, like those incredibly young boys and girls who made complaints about institutional abuse. The pretend victims and their antics dilute the credibility of the real victims.

Most healthy people are turned off by discussions like this. Yet there is a subculture around Debian, a subgroup of volunteers who appear to take some voyeuristic interest in making these word games with references to abuse, the type of thing we see in the blog post by Matthew Garrett.

Just how did Garrett become an expert on abuse?

These comments about the phenomena may appear quite strong and defamatory at first glance but the evidence is already public. Have a look at the controversy about the package with the name "weboob". According to reports, the source code is laced with crude references to women. The package was discussed on debian-private. Quite a few Debian men, like Axel Beckert, a system administrator at the ETH Zurich university, defended the package during his working hours.

Subject: Re: weboob package
Date: Fri, 13 Jul 2018 14:29:58 +0200
From: Axel Beckert <abe@debian.org>
Organization: The Debian Project
To: debian-private@lists.debian.org


Jonathan Dowland wrote:
> Yesterday I stumbled across the "weboob" package for the first time,
> which includes a slew of binaries with names similar to the following:

So what? I don't see any problem with that. (And I don't see why
there's a thread on debian-private about it.)

		Regards, Axel
 ,''`.  |  Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Develoober, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bad faith: timing of harassment

In each case, we can see that one of the Debian oligarchs has engaged in some form of behavior that involves bullying or harassing a volunteer and the disclosures about bullying have only happened subsequent to that.

The vendettas began in September 2018. The complainant has submitted their case of debian.community and we can see that the domain name debian.community was only registered in October 2019, more than 13 months after the Debian Project Leader started spreading gossip about multiple volunteers.

In April 2021, I incorporated a new company to promote my work. In November 2021, the misfits began distributing their defamation statement about my family and I as a reprisal. It appears the misfits are jealous that I could start my own company and they wanted to destroy it. In Australia, we call this the Tall Poppy Syndrome.

In June 2021, one of the women was caught trying to start rumors about me having a relationship with a female intern. The same woman was caught again trying to start rumors in the same chat channel in July 2022. In March 2023, I created a web site Outreachy.Dating with proof that the rumors are false. I did not spontaneously decide to go and create the Outreachy.Dating web site. The site only came into existence as a right of reply to the pre-existing campaign of gossip against my interns, my family and I.

Ariadne Conill

As already described in a previous section, when we agreed to create Debian together, we agreed to uphold the Debian Social Contract, which includes the commitment 3. We won't hide problems.

In 2018 and 2019, oligarchs started hiding the blogs of some co-authors. The same phenomena occurred in the Fedora Linux community. I have only had to register domain names like Debian.News and WeMakeFedora.org in response to the censorship of some blogs. I did not just wake up one day and spontaneously decide to create these domain names, I was motivated to do so because the censors violated our existing rules of engagement, the Debian Social Contract and the Fedora Foundations.

Bad faith: Debian's violent history of intolerance

Despite all the grand statements about the Code of Conduct, Respect and Diversity, the Debian people are highly intolerant.

It has always been this way and there is plenty of evidence.

Consider 2006, the violent expulsion of Ted Walther from DebConf6 dinner in Mexico. Somebody started a rumor that his dinner guest was a prostitute. Nobody checked the facts. People physically pushed him out the door and nearly threw him down the steps.

Evidence: debian-private leaks about the DebConf6 assault

Instead of spending $120,000 on lawyers, they could have simply apologized to my family for violating our privacy. But they are paying all this money to rewrite history. They are paying the lawers all this money to insist that the petty little word choice issues that their small minds are preoccupied with are more significant than things like the death of my father.

Bad faith: blackmailing people to disclose personal and private information

Whenever people come across the Debian smearing campaign through social media and they ask me about the rumors of harassment and abuse, the first things that come to mind are those cases that arose at the time. The poor behavior I witnessed towards women from Albania, Carla's eating disorder and the prosecution of Cardinal George Pell.

Other volunteers have made similar complaints about being blackmailed to make public statements and disclose things about themselves.

Bradley Kuhn of the Software Freedom Conservancy has recently complained that he was blackmailed to publicly disclose things about his romantic life and partner preferences.

Kuhn: As such, I'm outing myself here first (primarily) to disarm his ability to use what he knows about my sexual orientation against me.

In 2019, we saw that Dr Norbert Preining was blackmailed to write a self-deprecating forced confession on a public mailing list. When I saw that Dr Preining and I had been subject to similar blackmail tactics, I felt that I was being expected to make a similar public statement about matters that belong in private.

In the case of Bradley Kuhn, his disclosures relate to himself. In my own case, in all cases of harassment and abuse where I have been a witness, it is unthinkable that I should be forced by these rumors to make disclosures about other people.

Therefore, when I published the Mozilla examples above, I partially redacted them to avoid revealing the names of underage open source software victims.

Nonetheless, I didn't voluntarily choose to publish responses to gossip about abuse. They are using the WIPO UDRP to blackmail me to publish comments about abuse cases. Therefore, they are violating UDRP rule 15(e).

Bad faith: destroying our portfolio of work

In some industries, it is common for practitioners to carry a portfolio of their work. For example, photographers, architects and similar professionals often rely on such a portfolio to show potential clients what they are capable of.

In computing, prospective employers and clients look at the portfolio of our work in Debian and other free software projects. Replacing that portfolio with insults and defamation is akin to setting the portfolio on fire.

Once again, this appears to be the intention of the misfits behind the complaint. By publishing attacks on my family and demanding a verdict of bad faith, they are trying to further undermine the credit I deserve for decades of work involving free and open source software. It is harassment in violation of UDRP Rule 15(e).

Bad faith: how many Debian Developers really committed suicide?

We can look at the list of Debian Developers and filter the list by "Current status".

There are 972 Debian Developers listed with the status "Debian Developer, uploading". These are people considered to be active.

When people resign/retire, their status is changed to "Emeritus". There are 449 Debian Developers with status Emeritus.

The status "Removed" is distinct from the status "Emeritus". There are 272 Debian Developers with status "Removed". This list includes people who have died, it includes victims who have been disappeared and it includes people who have failed to respond to any attempts to communicate. Some of these people may have been participating under a fake identity. Some of them may have become fed up with the politics and walked away without saying goodbye. Some of these 272 people that we can't account for may have joined the suicide cluster.

Public health statistics tell us that only one in four suicide victims leave a note. In a large enough group of people, for every one person who leaves notes like Frans Pop, it seems like a reasonable hypothesis that there are three more who we don't know about because they didn't leave a note. Ian Murdock left notes on social media. Richard Rothwell left notes.

With or without a note, in this list of 272 people "Removed", there will be many more we don't know about because their families would never think to tell us.

How many of these 272 vanished after some secret humiliation on the debian-private mailing list?

How many bloggers have committed suicide after WIPO denounced them with accusations of bad faith?

Bad faith: deceiving the previous WIPO panel

The misfits have clearly deceived the previous WIPO panel on certain issues. One of those issues is their claim that Albanian women paid to travel to Brazil were junior female developers.

I was a mentor and administrator in both the Google Summer of Code and Outreachy programs over a number of years from 2013 to 2018.

In that role, I interacted with many of the prospective interns, both male and female.

I was involved in creating tasks that we asked the applicants to perform to test their skills and demonstrate their motivation during the selection process for these internships. I observed the effort that each applicant made, whether they were male or female.

There were definitely women who did a very high standard of work. However, there were other women who did not do any software development and we can see now in hindsight that some of those women still haven't done any software development despite hanging around the open source communities for almost a decade. Therefore, the claim that every woman was a junior female developer was not true. Some women were junior female developers, the rest we could not refer to with the term developer.

We can see that the panel was deceived about the origins of references to branding in the nether regions. This controversy, which was mentioned in the panel's finding against another domain, is rooted in the manner in which the misfits created rogue commits in source code repositories on the anniversary of our wedding.

Specifically, we completed a civil wedding on 23 September 2010 and then we completed the religious ceremony a few months later on 17 April 2011.

Here is the civil wedding certificate:

Here we can see the rogue commit in the Debian keyring repository, on the date of the civil wedding, overlaid with the photo of genital branding from NXIVM.

Debian, NXIVM

Given the way this extreme harassment simultaneously intrudes on both my professional life and my family life, I find these images even more horrific than they were for the WIPO panel. Nonetheless, the images of genital branding are as relevant as they are horrific when you consider the deliberate way these misfits impose on our lives and our reputations.

Here is the date of the religious ceremony on my wedding ring, alongside the tombstone of Adrian von Bidder, secretary of Debian.ch who died in what appears to be a possible suicide on exactly the same day, 17 April 2011:

What an incredibly toxic culture the Debian misfits are trying to hide with this WIPO UDRP vendetta.

The misfits have made multiple intrusions in the lives of volunteers. While the scars are not identical, the mentality behind those scars is much the same. In both Debian and NXIVM, some of the people feel they have a sense of entitlement to impose upon all aspects of our lives and our future, whether it is through branding, through gossip or through demanding that WIPO denounces individual volunteers.

Bad faith: using WIPO and an Albanian gangmaster to defame me

I previously documented how I was a witness to acts of harassment and the risks to underage participants by two Albanian men. I attached the emails showing how this was raised through internal channels at Mozilla.

When Chris Lamb decided to attack me on our wedding anniversary, he actually used Elio Qoshi, the Albanian bringing a sixteen year old girlfriend to tech conferences, to distribute the messages about the vendetta.

At the time, I was with one of the victims. Women who had worked with me personally had been surprised to see Lamb colluding with these Albanian gangmasters. I took a photo of the message that the Albanian forwarded from Lamb to the phones of female victims:

Chris Lamb, Debian, doxing

It is an extraordinary example of corruption. When I saw Chris Lamb colluding with Elio Qoshi to denounce me at such a painful time for my family, I couldn't help thinking of men like Jimmy Saville and Rolf Harris collaborating in their crimes.

When I challenged Lamb about these messages in December 2018, he publicly denied sending them, a lie to the whole community.

Chris Lamb: You are well-aware that I have been nothing but scrupulous and gentlemanly with regards to your personal privacy and thus ...

The dishonesty of these misfits is as extraordinary as the intrusion into the family lives of volunteers.

As Debian is an operating system, it is relied upon as the foundation for so many other things that people do with their computers both in industry and in private. In other words, people put a lot of trust in the operating system but we can't trust the people making it. Here we have caught the then leader of Debian using a common garden variety Albanian pimp to spread rumors about a long standing volunteer and also publicly lying about the matter.

Now these dirty little men aspire to exploiting a WIPO panel in the same way they used this Albanian gangmaster to denounce my family and I on the anniversary of our wedding. As mentioned earlier, the deadline set by WIPO was Carla's birthday.